Improving register_globals

16 years ago · 23a3fa74ab
parent f751f0139e
commit 23a3fa74ab
5 changed files with 27 additions and 22 deletions
--- a/pages/account/15.php
+++ b/pages/account/15.php
@ -16,9 +16,10 @@
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
 <?
-	$certid = $_SESSION[_config][cert];
+	$certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
+
 	$query = "select * from `domaincerts`,`domains` where `domaincerts`.`id`='$certid' and
-			`domains`.`memid`='".$_SESSION[profile][id]."' and
+			`domains`.`memid`='".intval($_SESSION['profile']['id'])."' and
 			`domains`.`id`=`domaincerts`.`domid`";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
@ -28,8 +29,8 @@
 		exit;
 	}
 	$row = mysql_fetch_assoc($res);
-
-	$cert = `/usr/bin/openssl x509 -in $row[crt_name]`;
+        $crtname=escapeshellarg($row['crt_name']);
+	$cert = `/usr/bin/openssl x509 -in $crtname`;
 ?>
 <h3><?=_("Below is your Server Certificate")?></h3>
 <pre>
--- a/pages/account/19.php
+++ b/pages/account/19.php
@ -16,9 +16,10 @@
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
 <?
-	$certid = intval($cert);
+	$certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
+
 	$query = "select * from `orgemailcerts`,`org` where `orgemailcerts`.`id`='$certid' and
-			`org`.`memid`='".$_SESSION[profile][id]."' and
+			`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
 			`org`.`orgid`=`orgemailcerts`.`orgid`";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
@ -29,8 +30,8 @@
 		exit;
 	}
 	$row = mysql_fetch_assoc($res);
-
-	$cert = `/usr/bin/openssl x509 -in $row[crt_name]`;
+        $crtname=escapeshellarg($row['crt_name']);
+	$cert = `/usr/bin/openssl x509 -in $crtname`;

 	if($row[keytype] == "NS")
 	{
@ -38,7 +39,7 @@
 		{
 			header("Content-Type: application/x-x509-user-cert");
 			header("Content-Length: ".strlen($cert));
-			header('Content-Disposition: inline; filename="'.$row[CN].'.crt"');
+			header('Content-Disposition: inline; filename="'.$row['CN'].'.crt"');
 			echo $cert;
 			exit;
 		} else {
--- a/pages/account/23.php
+++ b/pages/account/23.php
@ -16,9 +16,10 @@
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
 <?
-	$certid = $_SESSION[_config][cert];
+	$certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
+
 	$query = "select * from `orgdomaincerts`,`org` where `orgdomaincerts`.`id`='$certid' and
-			`org`.`memid`='".$_SESSION[profile][id]."' and
+			`org`.`memid`='".intval($_SESSION['profile']['id'])."' and
 			`org`.`orgid`=`orgdomaincerts`.`orgid`";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
@ -28,8 +29,8 @@
 		exit;
 	}
 	$row = mysql_fetch_assoc($res);
-
-	$cert = `/usr/bin/openssl x509 -in $row[crt_name]`;
+        $crtname=escapeshellarg($row['crt_name']);
+	$cert = `/usr/bin/openssl x509 -in $crtname`;
 ?>
 <h3><?=_("Below is your Server Certificate")?></h3>
 <pre>
--- a/pages/account/24.php
+++ b/pages/account/24.php
@ -22,27 +22,27 @@
  </tr>
  <tr>
    <td class="DataTD"><?=_("Organisation Name")?>:</td>
-    <td class="DataTD"><input type="text" name="O" value="<?=$_SESSION[_config][O]?>"></td>
+    <td class="DataTD"><input type="text" name="O" value="<?=sanitizeHTML($_SESSION['_config']['O'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Contact Email")?>:</td>
-    <td class="DataTD"><input type="text" name="contact" value="<?=$_SESSION[_config][contact]?>"></td>
+    <td class="DataTD"><input type="text" name="contact" value="<?=sanitizeHTML($_SESSION['_config']['contact'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Town/Suburb")?>:</td>
-    <td class="DataTD"><input type="text" name="L" value="<?=$_SESSION[_config][L]?>"></td>
+    <td class="DataTD"><input type="text" name="L" value="<?=sanitizeHTML($_SESSION['_config']['L'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("State/Province")?>:</td>
-    <td class="DataTD"><input type="text" name="ST" value="<?=$_SESSION[_config][ST]?>"></td>
+    <td class="DataTD"><input type="text" name="ST" value="<?=sanitizeHTML($_SESSION['_config']['ST'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Country")?>:</td>
-    <td class="DataTD"><input type="text" name="C" value="<?=$_SESSION[_config][C]?>"></td>
+    <td class="DataTD"><input type="text" name="C" value="<?=sanitizeHTML($_SESSION['_config']['C'])?>"></td>
  </tr>
  <tr>
    <td class="DataTD"><?=_("Comments")?>:</td>
-    <td class="DataTD"><textarea name="comments" cols=15 rows=5><?=$_SESSION[_config][comments]?></textarea></td>
+    <td class="DataTD"><textarea name="comments" cols=15 rows=5><?=sanitizeHTML($_SESSION['_config']['comments'])?></textarea></td>
  </tr>
  <tr>
    <td class="DataTD" colspan="2"><input type="submit" name="process" value="<?=_("Next")?>"></td>
--- a/pages/account/6.php
+++ b/pages/account/6.php
@ -16,7 +16,8 @@
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */ ?>
 <?
-	$certid = intval($cert);
+	$certid = 0; if(array_key_exists('cert',$_REQUEST)) $certid=intval($_REQUEST['cert']);
+
 	$query = "select * from `emailcerts` where `id`='$certid' and `memid`='".intval($_SESSION['profile']['id'])."'";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) <= 0)
@ -28,7 +29,8 @@
 	}
 	$row = mysql_fetch_assoc($res);

-	$cert = `/usr/bin/openssl x509 -in $row[crt_name]`;
+	$crtname=escapeshellarg($row['crt_name']);
+	$cert = `/usr/bin/openssl x509 -in $crtname`;

 	if($row['keytype'] == "NS")
 	{
@ -36,7 +38,7 @@
 		{
 			header("Content-Type: application/x-x509-user-cert");
 			header("Content-Length: ".strlen($cert));
-			header('Content-Disposition: inline; filename="'.$row[CN].'.crt"');
+			header('Content-Disposition: inline; filename="'.$row['CN'].'.crt"');
 			echo $cert;
 			exit;
 		} else {